Shostack + Friends Blog Archive


Breaches in SEC Reports

Gregory Fleischer saw my Shmoo talk, and was kind enough to tell me when he found breaches in SEC reports:

At your Shmoocon talk you mentioned that you had difficulty finding SEC filings related to security breaches. I was doing some research and came across several SEC filings that discuss security breaches.

Generally, these items are going to appear in either a 10-Q or 10-K. Typically, this will be some boilerplate warning in the risk factors section such as:

A material security breach of our information systems or data could harm our reputation, cause a decrease in the number of customers, and adversely affect our financial condition or results of operations.

He’s found that this Google search against the edgar-online site works well: (“disclosure of personal information”|”security breach”) (“10-K”|”10K”|”10-Q”|”10Q”)

I haven’t had time to read all of these, but being a fan of evidence, I wanted to share data points as I learned them.

One comment on "Breaches in SEC Reports"

  • JJ says:

    I came across your website when looking for speakers who can talk about social engineering to a college campus in Washington state. Any ideas, suggestions or help would be appreciated!

Comments are closed.